SHA256: 6586a02e8fbb949d14a4a114a58edf4095a3197cf930d0a246d4df968f67aa68
File name: TCPIP_SYS_RESTORE.EXE
Detection ratio: 0 / 46
Analysis date: 2012-12-06 11:30:55 UTC ( 4 years, 4 months ago )
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
Yandex 20121205
AhnLab-V3 20121205
AntiVir 20121206
Antiy-AVL 20121204
Avast 20121206
AVG 20121206
BitDefender 20121206
ByteHero 20121130
CAT-QuickHeal 20121206
ClamAV 20121206
Commtouch 20121206
Comodo 20121206
DrWeb 20121206
Emsisoft 20121206
eSafe 20121205
ESET-NOD32 20121206
F-Prot 20121206
F-Secure 20121206
Fortinet 20121206
GData 20121206
Ikarus 20121206
Jiangmin 20121206
K7AntiVirus 20121205
Kaspersky 20121206
Kingsoft 20121206
Malwarebytes 20121206
McAfee 20121206
McAfee-GW-Edition 20121206
Microsoft 20121206
eScan 20121206
NANO-Antivirus 20121206
Norman 20121206
nProtect 20121206
Panda 20121206
PCTools 20121206
Rising 20121206
Sophos 20121206
SUPERAntiSpyware 20121206
Symantec 20121206
TheHacker 20121206
TotalDefense 20121206
TrendMicro 20121206
TrendMicro-HouseCall 20121206
VBA32 20121205
VIPRE 20121206
ViRobot 20121206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Greatis Software

Product UnHackMe
Original name tcpip_sys_restore.exe
Internal name tcpip_sys_restore.exe
File version 1.0.1.1
Description Free tool to restore TCPIP.SYS
Signature verification Signed file, verified signature
Signing date 12:27 PM 12/6/2012
Signers
[+] Greatis Software LLC
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 10/15/2012
Valid to 12:59 AM 10/16/2013
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 67D89519A8E5AF30A97AB5C0E929C23E0C2F6B1F
Serial number 5E 2C 1F EE A0 E6 2D 67 00 84 FE AA 1D 04 A5 16
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G3
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 5/1/2012
Valid to 12:59 AM 1/1/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 8FD99D63FB3AFBD534A4F6E31DACD27F59504021
Serial number 79 A2 A5 85 F9 D1 15 42 13 D9 B8 3E F6 B6 8D ED
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-06 11:26:07
Entry Point 0x00001000
Number of sections 8
PE sections
Overlays
MD5 73dd12685d5d4fc2a2ee17db62d0f07f
File type data
Offset 7312384
Size 6008
Entropy 7.29
PE imports
PE exports
Number of PE resources by type
RT_BITMAP 24
RT_RCDATA 14
RT_STRING 13
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_ICON 6
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 42
ENGLISH UK 24
RUSSIAN 8
PE resources
ExifTool file metadata
LegalTrademarks
UnHackMe

SubsystemVersion
4.0

LinkerVersion
5.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.1.1

LanguageCode
Russian

FileFlagsMask
0x003f

FileDescription
Free tool to restore TCPIP.SYS

CharacterSet
Windows, Cyrillic

InitializedDataSize
49152

EntryPoint
0x1000

OriginalFileName
tcpip_sys_restore.exe

MIMEType
application/octet-stream

LegalCopyright
Greatis Software

FileVersion
1.0.1.1

TimeStamp
2012:12:06 12:26:07+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
tcpip_sys_restore.exe

ProductVersion
6.0

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Greatis Software LLC

CodeSize
503808

ProductName
UnHackMe

ProductVersionNumber
1.0.1.1

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 650c216ed49afef3782eec39cdf87d41
SHA1 fa70db6af41e0439927f86a97d951dbc17ce76f5
SHA256 6586a02e8fbb949d14a4a114a58edf4095a3197cf930d0a246d4df968f67aa68
ssdeep
196608:bU3DYZA4d+K/kcUntSsqSMTRmpcSeZSxuqwB:I38AADkcUnQsqSgRmpcSMSUqk

authentihash 59b8145386baf1477c95a5b9dbd9da0b805230f07d1b163524f8850b4f03d7b4
imphash 232a0792ce7c8331fb6a520469a46841
File size 7.0 MB ( 7318392 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library - Borland C/C++ (72.3%)
InstallShield setup (14.1%)
Windows screen saver (4.2%)
DOS Executable Borland C++ (4.2%)
Win32 Dynamic Link Library (generic) (2.1%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2012-12-06 11:30:55 UTC ( 4 years, 4 months ago )
Last submission 2017-02-22 09:11:28 UTC ( 2 months ago )
File names tcpip_sys_restore.exe
TCPIP_SYS_RESTORE.EXE
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
